Vendor
A vulnerability in the openclaw npm package before version 2026.4.10 allows unauthorized modification of Matrix profile configurations via the `operator.write` message tool.